From patchwork Mon Jul 9 07:27:14 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julia Lawall X-Patchwork-Id: 169701 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:4978:20e::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id A75C92C0217 for ; Mon, 9 Jul 2012 17:29:50 +1000 (EST) Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux)) id 1So8Nj-0005JT-FX; Mon, 09 Jul 2012 07:27:43 +0000 Received: from mail1-relais-roc.national.inria.fr ([192.134.164.82]) by merlin.infradead.org with esmtps (Exim 4.76 #1 (Red Hat Linux)) id 1So8NS-0005Hr-7A for linux-mtd@lists.infradead.org; Mon, 09 Jul 2012 07:27:32 +0000 X-IronPort-AV: E=Sophos;i="4.77,551,1336341600"; d="scan'208";a="166080972" Received: from palace.lip6.fr (HELO localhost.localdomain) ([132.227.105.202]) by mail1-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 Jul 2012 09:27:17 +0200 From: Julia Lawall To: Artem Bityutskiy Subject: [PATCH] fs/ubifs/orphan.c: remove invalid reference to list iterator variable Date: Mon, 9 Jul 2012 09:27:14 +0200 Message-Id: <1341818834-2101-1-git-send-email-Julia.Lawall@lip6.fr> X-Mailer: git-send-email 1.7.8.6 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -6.1 (------) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (-6.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [192.134.164.82 listed in list.dnswl.org] 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] Cc: linux-mtd@lists.infradead.org, kernel-janitors@vger.kernel.org, Adrian Hunter , linux-kernel@vger.kernel.org X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Julia Lawall If list_for_each_entry, etc complete a traversal of the list, the iterator variable ends up pointing to an address at an offset from the list head, and not a meaningful structure. Thus this value should not be used after the end of the iterator. Replace a field access from orphan by NULL in two places. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ identifier c; expression E; iterator name list_for_each_entry; statement S; @@ list_for_each_entry(c,...) { ... when != break; when forall when strict } ... ( c = E | *c ) // Signed-off-by: Julia Lawall --- fs/ubifs/orphan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ubifs/orphan.c b/fs/ubifs/orphan.c index b02734d..cebf17e 100644 --- a/fs/ubifs/orphan.c +++ b/fs/ubifs/orphan.c @@ -176,7 +176,7 @@ int ubifs_orphan_start_commit(struct ubifs_info *c) *last = orphan; last = &orphan->cnext; } - *last = orphan->cnext; + *last = NULL; c->cmt_orphans = c->new_orphans; c->new_orphans = 0; dbg_cmt("%d orphans to commit", c->cmt_orphans); @@ -382,7 +382,7 @@ static int consolidate(struct ubifs_info *c) last = &orphan->cnext; cnt += 1; } - *last = orphan->cnext; + *last = NULL; ubifs_assert(cnt == c->tot_orphans - c->new_orphans); c->cmt_orphans = cnt; c->ohead_lnum = c->orph_first;